Switching upstream Modem into Bridge mode blocks PfSense
-
I set up a basic configuration and it's been working for a few months as a test. I wanted to change my Arris G54 modem/router to bridge mode, and let everything be handled by PfSense as a firewall and possibly a VPN server. In the future, running Dynamic DNS for devices on my network.
The Arris device is what I had before getting new equipment and has a 10G port, so I'm trying to get it to be a 10G modem. I'm using DAC cables and dongles to connect all the hardware. Those have been working well and giving a 10G route from Switch>Router>PfSense>Modem/Router>Internet.
I have my VLANs defined in the Omada router.
I wanted to change the Modem/Router into bridge mode. When I do, I can't get PfSense to connect. It's been connected for several weeks with the Arris Modem/Router in router mode. I can also bypass the PfSense and connect the Omada router into the Arris Modem/Router in bridge mode and it will connect.
I've walked through these Help Doc pages starting here and updating the settings on both WAN3 and WAN4 on the Netgate device.
https://docs.netgate.com/pfsense/en/latest/interfaces/wanvslan.html
In tinkering with the settings and following the Help Docs, it seems the IPv6 was connecting but not the IPv4. Even when I disable the IPv6 gateway, it still seems to be connecting. I know the Arris device will only allow one connection in Bridge mode.
I've attempted to set up bulk 'all everything' NAT and firewall rules but I just can't get it to work. I have Charter/Spectrum internet. My spouse and I work from home and both use outgoing VPNs for work, so I'm attempting to maintain as high a speed as possible in the setup.
Hardware setup
Omada Switch, SG3438XPP-M2, Port25, 10G > Omada ER8411, SFP+ WAN1, 10G > WAN4, 10G, Netgate 6100, PfSense, WAN3 10G > Arris G54, LAN Port 1, 10G
I have LAN port 1 on the Netgate device set up as a 'Console' port that I have my desktop plugged into to tinker with the settings and monitor it.
In the future I'd like to use Dynamic DNS for my NAS and Security Camera setup. This is why I'm wanting the Arris device in bridge mode and to utilize its 10G port. I'd also like to eventually be able to use a VPN to access my home network while traveling.
-
@HuntyBadger Have you tried setting pfsense WAN to reject leases from e.g. 192.168.100.1 (assuming that is the Arris modem IP)? I think I had to do something similar when I was playing around with a 5G modem in bridge mode.
May I ask why you have the Omada Router involved, when you have pfsense? I get that you need to manage your switch, but this will definitely complicate things when you move forward to the VPN and Dynamic DNS you are mentioning. You can run the Controller SW on a Pi or as a VM...
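
An added example, not part of the thread or written by either poster: one way to confirm from the WAN DHCP client log whether the lease came from the modem's own DHCP server (the 192.168.100.1 address the reply assumes) instead of from the ISP. The log lines, interface name, hostname and the 203.0.113.x addresses are constructed placeholders in dhclient's usual message format.

```python
import ipaddress
import re

# Constructed sample of dhclient syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 08:00:02 fw dhclient[4211]: DHCPOFFER from 192.168.100.1
Jan 10 08:00:03 fw dhclient[4211]: DHCPREQUEST on ix3 to 255.255.255.255 port 67
Jan 10 08:00:03 fw dhclient[4211]: DHCPACK from 192.168.100.1
Jan 10 08:00:03 fw dhclient[4211]: bound to 192.168.100.10 -- renewal in 15 seconds.
Jan 10 08:05:40 fw dhclient[4390]: DHCPOFFER from 203.0.113.1
Jan 10 08:05:41 fw dhclient[4390]: DHCPACK from 203.0.113.1
Jan 10 08:05:41 fw dhclient[4390]: bound to 203.0.113.57 -- renewal in 43200 seconds.
"""

ACK_RE = re.compile(r"DHCPACK from (\S+)")
BOUND_RE = re.compile(r"bound to (\S+) -- renewal in (\d+) seconds")
# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_leases(log_text, reject_servers=("192.168.100.1",)):
    """Return one dict per completed lease with the server, address and a verdict."""
    rejects = {ipaddress.ip_address(s) for s in reject_servers}
    leases, server = [], None
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            server = ipaddress.ip_address(m.group(1))  # remember who acknowledged
            continue
        m = BOUND_RE.search(line)
        if m and server is not None:
            addr = ipaddress.ip_address(m.group(1))
            if server in rejects:
                verdict = "modem-lease"   # a "reject leases from" entry would drop it
            elif any(addr in net for net in RFC1918):
                verdict = "private-wan"   # private address on WAN from an unlisted server
            else:
                verdict = "ok"
            leases.append({"server": str(server), "address": str(addr),
                           "renew_s": int(m.group(2)), "verdict": verdict})
            server = None
    return leases


if __name__ == "__main__":
    for lease in audit_leases(SAMPLE_LOG):
        print(lease)
```

A "modem-lease" verdict with a very short renewal time means the WAN took an address from the modem itself, which is the case the reject setting is meant to prevent.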